Inf-IT DAV Clients March 2018

davclients@lists.inf-it.com

6 participants
4 discussions

CORS
by Joachim Schiele 28 Mar '18

28 Mar '18

hey, i wanted to create a wordpress plugin using caldavzap but while i was able to use: https://demo13.nextcloud.bayton.org/apps/calendar/ from thunderbird, it seems to fail from caldavzap: var globalNetworkCheckSettings={ href: "https://admin:admin@demo13.nextcloud.bayton.org/remote.php/dav/calendars/ad…", userAuth: { userName: 'admin', userPassword: 'admin' }, timeOut: 90000, lockTimeOut: 10000, checkContentType: true, settingsAccount: true, delegation: true, additionalResources: [], hrefLabel: null, forceReadOnly: null, ignoreAlarms: false, backgroundCalendars: [] } the error it reports is: OPTIONS https://demo13.nextcloud.bayton.org/remote.php/dav/calendars/admin/personal/ 401 (Unauthorized) 16:59:17.819 jquery-2.1.4.min.js:4 OPTIONS https://demo13.nextcloud.bayton.org/remote.php/dav/calendars/admin/personal/ 401 (Unauthorized) Failed to load https://demo13.nextcloud.bayton.org/remote.php/dav/calendars/admin/personal/: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 401. Error: [netCheckAndCreateConfiguration: 'PROPFIND https://admin:admin@demo13.nextcloud.bayton.org/remote.php/dav/calendars/ad…'] code: '0' status: 'error' - see https://www.inf-it.com/caldavzap/readme.txt (cross-domain setup) we had also tried the calendar from config.js: href: location.protocol+'//'+location.hostname+ (location.port ? ':'+location.port: '')+ location.pathname.replace(RegExp('/+[^/]+/*(index\.html)?$'),'')+ '/caldav.php/', but this also failed. the overall question now would be: can one use these two callendards without doing server side modifications to it? if a server side modification would be required to use caldavzap then one would not be able to use caldavzap with an arbitrary online resource and ATM i think that this is the case. can someone please tell me that i'm wrong plz? regards, joachim schiele -- Joachim Schiele nixcloud GmbH 004915204145347 blog: http://lastlog.de/blog wiki: http://lastlog.de/wiki GPG: C11CFB9FFA7A5F4EEDCC59BCAC10E1AC6D8F75EE (here: https://lastlog.de/blog/about.html)

2 2

Using HTTP Basic Auth
by l-infit＠wieh.eu 16 Mar '18

16 Mar '18

Hi! I just want to share my hack, as it will likely be valuable to others as well. I have a not so uncommon setup: People login via HTTP Basic Authentication (popup window in the webbrowser). The webserver manages the login via LDAP. Once logged in, they have access to several webservices like wiki, file safe (Nextcloud or something), InfCloud and others. So clearly I do not want any login page. The login credentials are known by the webserver and webbrowser. The webbrowser will happily send them again without user interaction. Officially there seems to be no way to login without the login screen, but without hard-coding credentials in the config.js. Ok. Generally, this is not so easy, because in Javascript you cannot access the browser’s authentication cache—for good reason. But in my case (and maybe in your case, too) the InfCloud files are provided by the same webserver that also serves as the WebDAV server (DAViCal in my case); and also by the same vhost. (This might later be important—see below. I have no special subdomain for DAViCal.) So there are no (additional) security concerns in sending the credentials once again from the browser to the webserver and back again, so I can read them in my Javascript. Here is what I have done: 1) Rename InfCloud’s index.html to index.php. You should try this out. Maybe you better use another language, if PHP is not available to your webserver. In my case, DAViCal is running on the same webserver, which is written in PHP. So, obviously, I can run PHP scripts. 2) In the lines around 620 in index.php, there are some hidden form fields (<input id="foo" type="hidden" value=""/>. Add two more like this: <input id="foo-login" type="hidden" value="<?=htmlspecialchars($_SERVER['PHP_AUTH_USER'])?>"/> <input id="foo-pw" type="hidden" value="<?=htmlspecialchars($_SERVER['PHP_AUTH_PW'])?>"/> The effect is, that the user gets back an HTML file with their login credentials in cleartext in there. Don’t do this, if this is risky in your setup. In most cases this should not be risky, as the browser knows the credentials anyway; as well as anyone who can read the traffic between the browser and the InfCloud webserver. 3) In the beginning of the index.php, inside the <head></head> section, there are several lines starting with “<script”. Move all these lines to the end of the document, right before the closing </body> tag. The Javascript needs to be loaded after the rest of the document, because otherwise the Javascript code in the beginning would not have access to the content of the document, i.e. to our credentials. 4) In config.js, enable the globalAccountSettings method (that one with the hard-coded credentials). But instead of really hard-coding some credentials there, you type (for example, if you have DAViCal installed in /cal/ and rewrite the URLs in your webserver config, so you can omit the part “/caldav.php”): href: 'https://example.com:443/cal/'+document.getElementById('foo-login').value+'/', userAuth: { userName: document.getElementById('foo-login').value, userPassword: document.getElementById('foo-pw').value }, If both the WebDAV server and the InfCloud files are below the same principal URL (same vhost), then a better solution would be, if InfCloud would simply try to access the WebDAV server without sending any login credentials. The WebDAV server would then reply with 401 and the browser would resend the request with the already-known credentials in the request header. This would be much less of a hack. Maybe somene else wants to try that. Love Torsten

1 0

InfCloud is failing on me...
by Johan Vromans 09 Mar '18

09 Mar '18

All of a sudden InfCloud is missing events. I'm running InfCloud 0.13.2.rc2 since the end of 2015 using FireFox on Fedora. The DAViCal server is running on a separate system. InfCloud didn't change and neither did the DAViCal server. I did upgrade FireFox as part of regular system upgrades. This morning I noticed, the hard way, that a repeating event was missing from InfCloud. It is just gone. All occurrences, including past occurrences. The event is on the server, since other clients (Android phones and tablets) display it. This worries me very much. Is there anything I can do to find out what is going on? I tried cahce_update but that didn't make a difference. Update: InfCloud with Chromium doesn't show the missing events either.

2 5

does infcloud support header "Access-Control-Allow-Origin <a-domain>"?
by Ploc 02 Mar '18

02 Mar '18

Hi everyone, Does infcloud support header "Access-Control-Allow-Origin <a-domain>"? I tried to configure my caldav server with "Access-Control-Allow-Origin" header set to <a-domain>", but infcloud seems to be unable to connect the caldav server, reporting the following error in the browser's console: > "Error: [netCheckAndCreateConfiguration: 'PROPFIND https://<a-domain>/dav/'] code: '0' status: 'error' - see https://www.inf-it.com/infcloud/readme.txt (cross-domain setup)" webdav_protocol.js:120:4 When I set this "Access-Control-Allow-Origin" header to "*", it works. I find it more secure to be able to set this header. Can you tell me how is infcloud supposed to work with this header? Thank!

3 7

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Inf-IT DAV Clients March 2018